From: Steve French
Date: Wed, 11 Aug 2021 20:08:30 -0500
Subject: signed integer overflow bug in truncate_pagecache
To: linux-mm
Cc: linux-fsdevel, LKML

Running a debug build of the kernel while running regression tests for
cifs.ko on 5.11, I noticed this message logged which looks like it is
still a probably valid bug in truncate_pagecache in mm/truncate.c in
current kernel as well:

    loff_t holebegin = round_up(newsize, PAGE_SIZE);

This was what was in dmesg:

[23907.325526] UBSAN: signed-integer-overflow in mm/truncate.c:833:9
[23907.325532] 9223372036854775807 + 1 cannot be represented in type 'long long int'
[23907.325536] CPU: 2 PID: 13007 Comm: xfs_io Not tainted 5.11.22 #1
[23907.325540] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[23907.325543] Call Trace:
[23907.325548]  dump_stack+0x8d/0xb5
[23907.325560]  ubsan_epilogue+0x5/0x50
[23907.325568]  handle_overflow+0xa3/0xb0
[23907.325581]  truncate_pagecache+0x8a/0x90
[23907.325587]  cifs_set_file_size+0xdb/0x2c0 [cifs]
[23907.325749]  cifs_setattr+0xc93/0x1260 [cifs]
[23907.325799]  notify_change+0x35b/0x4a0
[23907.325811]  ? do_truncate+0x5e/0x90
[23907.325817]  do_truncate+0x5e/0x90
[23907.325828]  do_sys_ftruncate+0x143/0x280
[23907.325837]  do_syscall_64+0x33/0x40
[23907.325842]  entry_SYSCALL_64_after_hwframe+0x44/0xa9

--
Thanks,

Steve
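An added user-space illustration of the report above (not part of the original message and not kernel code): it repeats the power-of-two round-up arithmetic, `((x - 1) | (align - 1)) + 1`, on a signed 64-bit size and checks the final `+ 1`, which is the addition UBSAN flagged. The 4 KiB page size and the names `round_up_checked` and `first_overflowing_size` are assumptions made for this example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

#define SAMPLE_PAGE_SIZE 4096LL /* assumption: 4 KiB pages */

/*
 * Round a non-negative size up to a power-of-two alignment.
 * Returns false instead of overflowing when the rounded value does not
 * fit in a signed 64-bit integer (or when the arguments are invalid).
 */
bool round_up_checked(long long x, long long align, long long *out)
{
    if (x < 0 || align <= 0 || (align & (align - 1)))
        return false;

    /* For sizes in the last partial page this equals LLONG_MAX ... */
    long long masked = (x - 1) | (align - 1);

    /* ... so this is the "9223372036854775807 + 1" from the report. */
    return !__builtin_add_overflow(masked, 1LL, out);
}

/* Smallest non-negative size whose round-up no longer fits. */
long long first_overflowing_size(long long align)
{
    return LLONG_MAX - align + 2;
}

int main(void)
{
    long long edge = first_overflowing_size(SAMPLE_PAGE_SIZE);
    long long sizes[] = { 4097, edge - 1, edge, LLONG_MAX }; /* constructed inputs */

    for (unsigned i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        long long r;
        if (round_up_checked(sizes[i], SAMPLE_PAGE_SIZE, &r))
            printf("%lld -> %lld\n", sizes[i], r);
        else
            printf("%lld -> overflow\n", sizes[i]);
    }
    return 0;
}
```

With 4 KiB pages, every size from `LLONG_MAX - 4094` through `LLONG_MAX` hits the overflow, not only `LLONG_MAX` itself.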